If you don't know about phishing, don't worry. Just read the tutorial below first:
How To Create Facebook Phishing Page
Once you have learned something about phishing, feel free to come back to this article.
It is easy these days for a person to identify a phishing page by looking at the URL of the webpage. But today I will show you a trick in which the original domain address is used for phishing. But how? Let me explain in this brief article.
Requirements:
Wamp server
Install WinRar
We are going to send an email with an executable to the victim. If the victim double-clicks the executable file, the attack succeeds. From then on, whenever the victim enters the real domain name (like www.facebook.com), he will be redirected to our phishing page.
How is it done?
The executable file changes the hosts file on the victim's system.
What is the hosts file?
The hosts file contains domain names and the IP addresses associated with them. Your hosts file will be in this path:
C:\Windows\System32\drivers\etc\
Whenever we enter a domain name or URL (for example, www.webaddress.com), a query is sent to the DNS (Domain Name System) server, which returns the IP address associated with the domain name. But before this is done, the system checks the hosts file for an IP address associated with the domain name. Suppose we make an entry with the domain name and the IP address of our phishing web page (for example, www.webaddress.com with our IP 123.23.X.X); then no query will be sent to the DNS server.
The browser will automatically connect to the IP address associated with the domain name in the hosts file. This is useful for us to mask the phishing web page's URL with the original domain name.
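Because the hosts file is consulted before DNS, defenders audit it for entries that override public domain names. The following is an added example, not part of the original tutorial: a small auditor that parses hosts-file text and flags such overrides. The sample content, the `INTERNAL_SUFFIXES` allowlist and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: a default-style hosts file plus suspicious overrides.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # local sinkhole entry
203.0.113.7     www.gmail.com mail.example.org
192.168.1.50    intranet.corp.local  # internal name
not-an-ip       www.example.com
"""

# Assumption: names under these suffixes are internal and expected here.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")


def parse_hosts(text):
    """Yield (line_no, ip_string, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text):
    """Return findings for entries that redirect public-looking names."""
    findings = []
    for line_no, ip_str, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            findings.append((line_no, ip_str, names, "malformed address"))
            continue
        # Loopback and unspecified addresses are sinkholes, not redirects.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if name == "localhost" or "." not in name or name.endswith(INTERNAL_SUFFIXES):
                continue
            findings.append((line_no, ip_str, [name], "public name overridden"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass `audit_hosts` the text of the hosts file in the directory given above and review every finding against known-good configuration.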
Now let's dive into the implementation:
If you are hosting on some other hosting site, you probably won't get a unique IP address for your phishing web page. You will have only the IP address of the hosting service. So if you try to use that IP address, the victim will not be brought to your phishing web page; they will be brought to the hosting address.
So what can you do to overcome this problem? You need to set up your own web server at home. Using web server software, you can set up your own hosting service.
Your computer should always be turned on, because if you turn off the computer, the host will not be online. It will be available again when you turn it on. So your computer must be turned on when the victim visits your site.
How to set up your own server?
Download web server software like WAMP or XAMPP (both are open source software, meaning they are free). My suggestion is WAMP, because it is my favorite one. It is easy to use.
Download the wamp server from www.wampserver.com
Install the WAMP server. After installation is completed, go to this folder path:
C:\Wamp\WWW
And paste your phishing web page here.
Start the WAMP server.
(Start->Windows->All Programs->Wamp Server->start wamp server)
You can see the half-circle icon (the WAMP server icon) in the system tray (I mean near the clock). Click the icon and select "Start All Services".
Now type your IP address in the address bar of the web browser and hit Enter. If you don't know your IP address, visit www.whatismyip.com.
Now you can see your phishing web page in your browser.
Modifying the hosts file:
Copy the hosts file from this path "C:\WINDOWS\system32\drivers\etc" to the desktop. Right-click on the hosts file and open it with Notepad.
You can see the localhost entry there.
Below that, type an entry in this form:
your_ip domain_name
For example:
123.xx.xx.xx www.gmail.com
Save the file.
Compress the hosts file:
Compress the hosts file such that when the victim opens it, it automatically gets copied to the default location C:\Windows\system32\drivers\etc and the victim's hosts file gets replaced by our modified hosts file.
Right-click on the hosts file and select the "Add to archive" option. Now follow the steps shown in the picture:
Now send the zipped file to the victim. If he extracts the zip file, then the hosts file will be replaced.
You are done. Now whenever he tries to visit the genuine or original website, only the phishing webpage will be shown.
Some disadvantages of this hack:
- If your IP address changes dynamically, then it is hard to implement.
- If your victim is an advanced user, he may notice the site's certificate shown by the browser.